-
漏洞讨论

The 'scriptlet.typlib' ActiveX control can create, edit, and overwrite files on the local disk. This means that an executable text file (e.g. a '.hta' file) can be written to the startup folder of a remote machine and will be executed the next time that machine reboots. Attackers can exploit this vulnerability via a malicious web page or an email message.

-
漏洞利用

Exploit by Georgi Guninski.A working demo is available at:http://www.nat.bg/~joro/scrtlb.html